Changeset 3694


Ignore:
Timestamp:
Oct 12, 2017, 12:57:53 AM (7 days ago)
Author:
bruno
Message:

Adds docker fw configuration for MR machine

Location:
branches/3.3/ansible/roles/shorewall
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.3/ansible/roles/shorewall/defaults/main.yml

    r3667 r3694  
    77- zone: "net"
    88  type: "ipv4"
     9- zone: "dock"
     10  type: "ipv4"
    911
    1012shorewall_interfaces:
     
    1315  broadcast: "detect"
    1416  options: "dhcp,tcpflags,nosmurfs,logmartians"
     17- interface: "docker0"
     18  zone: "dock"
     19  broadcast: "detect"
     20  #options: "dhcp,tcpflags,nosmurfs,logmartians"
    1521
    1622shorewall_policies:
     
    2632  policy: "REJECT"
    2733  log_level: "info"
     34shorewall_masq:
     35- interface: "enp2s0f0"
     36  source: "172.17.0.0/16"
    2837
    2938shorewall_rules:
     
    5665  - { action: ACCEPT, source: fw, destination: "net:{{ dns1 }}", protocol: tcp, destination_port: 53 }
    5766  - { action: ACCEPT, source: fw, destination: "net:{{ dns2 }}", protocol: tcp, destination_port: 53 }
     67  - { action: ACCEPT, source: dock, destination: "net:{{ dns1 }}", protocol: udp, destination_port: 53 }
     68  - { action: ACCEPT, source: dock, destination: "net:{{ dns2 }}", protocol: udp, destination_port: 53 }
     69  - { action: ACCEPT, source: dock, destination: "net:{{ dns1 }}", protocol: tcp, destination_port: 53 }
     70  - { action: ACCEPT, source: dock, destination: "net:{{ dns2 }}", protocol: tcp, destination_port: 53 }
    5871  # Outgoing HTTP/S
    5972  - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 80 }
    6073  - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 443}
     74  - { action: ACCEPT, source: dock, destination: net, protocol: tcp, destination_port: 80 }
     75  - { action: ACCEPT, source: dock, destination: net, protocol: tcp, destination_port: 443}
    6176  # Outgoing SPAM
    6277  - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 9999 }
     
    6782  # Outgoing PING
    6883  - { action: ACCEPT, source: fw, destination: net, protocol: icmp, destination_port: 8 }
     84  - { action: ACCEPT, source: dock, destination: net, protocol: icmp, destination_port: 8 }
  • branches/3.3/ansible/roles/shorewall/tasks/main.yml

    r3655 r3694  
    1313  template: src=policy.j2 dest=/etc/shorewall/policy owner=root group=root mode=0600 backup=yes
    1414
     15- name: Generate masq
     16  template: src=masq.j2 dest=/etc/shorewall/masq owner=root group=root mode=0600 backup=yes
     17 
    1518- name: Generate rules
    1619  template: src=rules.j2 dest=/etc/shorewall/rules owner=root group=root mode=0600 backup=yes
Note: See TracChangeset for help on using the changeset viewer.